Questions and answers about the European wallet application
The legislation and technical specifications for European wallet applications are not yet complete and may change as work continues. This could affect some of the answers in this FAQ.
Using a wallet application will be entirely voluntary for citizens. Member States will very likely be obligated to ensure that there is at least one wallet application available to their citizens, but citizens will not have to use a wallet application.
According to the legislative proposal, the public sector and businesses and organisations operating in certain private sector fields would have to allow people to use wallet applications to identify themselves when using electronic services. However, this obligation would likely only apply to situations in which EU or national legislation already requires businesses or organisations to allow the use of strong identification to access their services.
Because the legislation on wallet applications is still being drafted, it is hard to provide a specific date. However, the new legislation will specify a time limit for Member States to ensure that a wallet application is available in their territory. This time limit will likely be somewhere between 12 and 24 months.
Self-sovereign identity refers to a person having control of their own personal information in a digital environment. Wallet applications are based on the idea of self-sovereign identity, and the proposed legislation on wallet applications specifies that users of wallet applications must have full control over the information in the application. In the case of wallet applications, self-sovereign means that a user’s personal information will be uploaded to a wallet application on the user’s mobile device and that the user can decide how to use that information. The information is in the user’s possession in the application, and no underlying database of all the information in the application is created, for example, by the authorities.
The goal is that wallet applications could contain the same kind of information as the wallets we carry today. For example, wallet applications could contain driving licences or hygiene passports. Wallet applications could also contain other information and certificates relating to a person, such as diplomas or passports. However, the information would not be automatically sent to the application, but would have to be separately uploaded from each party providing the information. The legislation on wallet applications will not require that certain information always be uploaded into the application.
Finnish public officials have participated in drafting the regulation through meetings of the Council of the EU’s Working Party on Telecommunications and Information Society and of the eIDAS Expert Group and have actively discussed the subject with other Member States. Finland has also applied for funding from the EU Commission to pilot European wallet applications in three different consortia with other Member States.
Data protection is a very important consideration in the drafting of the legislation and technical specifications of wallet applications. The importance of data protection has been one of Finland’s key points in the preparation of wallet applications. However, it is difficult to say what the final specifications will be, as the preparatory work has not yet been completed.
The proposal for the eIDAS Regulation calls the recipients of data relying parties. These parties include various service providers, such as online stores and electronic public services. The proposal includes a requirement that wallet applications must have a technical feature that enables the user to identify the service provider to whom the user wants to send their data. The proposal also includes an obligation for service providers to notify the authorities if the service provider wants to enable the use of wallet applications to access their services. For example, a service provider could enable the use of a wallet application for electronic authentication or to verify other data. The authorities would maintain a list of service providers who have notified the authorities that they allow the use of wallet applications.
The eIDAS Regulation allows legal persons or natural persons representing legal persons to use wallet applications. The proposed regulation does not restrict the ability of legal persons to use wallet applications. However, the work to define the technical requirements for wallet applications led by the Commission has mainly focused on natural persons as the users of wallet applications. Finland has actively highlighted the importance of developing wallet applications for legal persons.